Click to edit Master title styleOpen Forum PRIVACY
Thursday, 17th of October 2013
Brussels, 17 October 2013 2
Agenda
1. 18:30 Welcome 2. 18:45 Big Data & Privacy3. 19:30 Break 4. 19:50
1. Big Data & Privacy (continued)2. Facebook, Employment & Privacy
5. 20:30 Close
Brussels, 17 October 2013 3
Close
Brussels, 17 October 2013
BIG DATAJOHAN VANDENDRIESSCHE & MARC VAEL
4
Brussels, 17 October 2013
What is Big Data?
• Exponential growth of data
• Availability
• Processing tools (‘automated use’)
• Evolution
• (Manual) Small scale profiling
• Data mining
• Big Data
• Numerous applications
• Detect general correlations and trends
• Create specific, individual profiles5
Brussels, 17 October 2013
What is profiling?
• Approach to profiling
• Tool?
• Purpose?
• Current vs. future framework forprofiling
• Mixed approaches in legal documents
• Directive 95/46/EC vs. Draft Regulations
• Council of Europe
• Art. 29 WP
• Privacy Commission
6
Brussels, 17 October 2013
Big Data general and privacy Issues?
• Scale of data collection, tracking and profiling
• Security of data
• Transparency
• Inaccuracy, discrimination, exclusion and economic imbalance
• Increased possibilities of government surveillance.
7
Brussels, 17 October 2013
Data Protection?
• Limitations in relation to the processing of personal data
• Very large legal interpretation to the concept of personal data
• Not necessarily sensitive information (although stricter rules apply to special categories of personal data)
• Processing: “any operation or set of
operations which is performed upon
personal data […]”
8
Brussels, 17 October 2013
Data protection principles
• The data processing must comply with specific principles
• Proportionality
• Purpose limitation
• Limited in time
• (Individual and collective) Transparency
• Data quality
• Data security
9
Brussels, 17 October 2013
Data protection issues?
• Purpose Limitation
• Data collected for a specified, specific andlegitimate purpose
• Re-use for a different purpose?
• Compatible or not?
• Criteria
• Nature of the purposes and their connections
• Circumstances surrouding data collection
• Privacy expectations of the data subjects
• Personal data involved and impact on the data subject
• Safeguards for fair processing
• Specific framework for statistical processing10
Brussels, 17 October 2013
Proportionality
• Processing must be limited to the personal data that is strictly necessaryfor the purpose
• Do I need this personal data?
• Big database containing a lot of information?
• Combination of databases?
11
Brussels, 17 October 2013
Other issues
• Notice obligation
• Specific information to be provided to data subjects
• What is required in case of big data?
• Data quality
• Impact of profiling may be substantial: impact on data quality requirements?
• Data Security
• Big data = big impact of data breaches?
12
Brussels, 17 October 2013
FACEBOOK, EMPLOYMENT
& PRIVACYJOHAN VANDENDRIESSCHE & MARC VAEL
13
Brussels, 17 October 2013
Privacy on Facebook?
• Negative statements on Facebook = immediate dismissal?
• Court decision of the Labour Court of Leuven of 17 November 2011 (yes)
• Confirmed by Court decision of 3 September 2013 of the Labour Court of Appeal of Brussels
• What about privacy on Facebook?
14
Brussels, 17 October 2013
What is privacy?
• Various sources
• European Convention on Human Rights
• Treaty on the Functioning of the European Union (TFEU)
• Charter of Fundamental Rights of the EU
• National (constitutional) legislation
• Various forms
15
Brussels, 17 October 2013
Privacy on the workfloor?
• Privacy at work in the EU?
• Telephone calls
• E-mail / Use of Internet and online technology
• Principle of privacy at work has been confirmed by ECHR and Article 29 Working Party
• National laws implement privacy at work differently
16
Brussels, 17 October 2013
What is data protection?
• Limitations in relation to the processing of personal data
• Very large legal interpretation to the concept of personal data
• Not necessarily sensitive information (although stricter rules apply to special categories of personal data)
• Processing: “any operation or set of
operations which is performed upon
personal data […]”
17
Brussels, 17 October 2013
Some applications
• Pre-employment screening (CBA 38)
• Surveillance on the workfloor
• Internet & e-mail (CBA 81)
• Cameras (CBA 68)
• Theft (CBA 89)
• What about acts outside the workcontext?
• Criticism on Facebook?
• Freedom of speech?
• Privacy (and secrecy of communications)?
18
Brussels, 17 October 2013
Analysis of the decisions
• Immediate dismissal based on negativestatements on a public site of Facebook
• Two main legal issues
• Reason for immediate dismissal?
• Evidence?
• Admissibility of evidence
• Probative value of evidence
19
Brussels, 17 October 2013
Analysis of the decision
• Reason for immediate dismissal?
• No uniform case law
• Particularities
• False statements
• Role/function of the person
• Nature and circumstances of the negativestatements
20
Brussels, 17 October 2013
Analysis of the decisions
• First instance
• Employer can consult public messages on Facebook
• No violation of privacy
• Appeal
• No violation of privacy
• Violation of privacy of communications
• “Antigoon theory” applied: admissibleevidence
21
Brussels, 17 October 2013 22
Contact details
Johan Vandendriessche
Partner
crosslaw CVBA
Mobile Phone +32 486 36 62 34
E-mail [email protected]
Website www.crosslaw.be
Marc Vael
International Vice President
ISACA
Mobile Phone +32 473 99 30 31
E-mail [email protected]
Website www.isaca.org
Brussels, 17 October 2013 23
ISACA BELGIUM